Issue with configuring two different Multi-Provider SSO setups

Stephen25
Mega Expert

We have a Multi-Provider SSO configuration on our instance. One IDP is set up for internal staff members using SAML with Microsoft Azure, which is set as the default and auto-redirect IDP. The other IDP is for external users, configured with OpenID Connect via OKTA.
External users access the system through a URL appended with /login and can click a button labeled "OKTA Login" to access the backend.

The issue arises when external users attempt to access the service portal. For instance, if a catalog item URL from the service portal is shared with an external user who is neither a resolver nor already logged in, the system redirects them to the default Microsoft IDP instead of the intended OKTA IDP.

How can we configure the system to recognize external users and direct them to the appropriate IDP without affecting the user experience?

2 ACCEPTED SOLUTIONS

Najmuddin Mohd
Mega Sage

Hello @Stephen25 ,

You can check the article below when using multiple identity providers:

https://www.servicenow.com/community/developer-forum/auto-redirect-users-to-correct-idp-when-using-m...


If the above information helps you, kindly mark it as Helpful and accept the solution.
Regards,
Najmuddin.


@Najmuddin Mohd Thanks for the article. I followed the steps and updated the SSO Source field for external users with the IDP SysID. However, when testing as an external user, I was still redirected to the internal user IDP (Microsoft IDP) instead of the intended OKTA IDP. 

After reviewing it again, I realised that when setting the SSO Source field with the IdP in the user table, I needed to prepend sso: to the beginning of the SysID. This detail wasn’t mentioned in the article. Thanks again for your help!

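The fix reported in the post above (the SSO Source value has to be the IdP SysID with `sso:` prepended) can be checked in bulk over exported user records. This is an added example, not part of the original thread and not ServiceNow code; the column name `sso_source`, the 32-hex-character SysID format, the exact-match comparison and every sample value are assumptions constructed for illustration.

```javascript
// Added example: audit exported user rows for SSO Source values that will not
// select the intended IdP. Assumptions (not from the thread): column name
// sso_source, 32-hex sys_id format, exact-match comparison, all sample values.

// Constructed placeholder sys_ids, not real IdP records.
const OKTA_IDP_ID = '0123456789abcdef0123456789abcdef';
const AZURE_IDP_ID = 'fedcba9876543210fedcba9876543210';

// Classify one SSO Source value for a user who should land on expectedIdpId.
function classifySsoSource(value, expectedIdpId) {
  const raw = value == null ? '' : String(value);
  if (raw === 'sso:' + expectedIdpId) return 'ok';
  const v = raw.trim().toLowerCase();
  if (v === '') return 'empty';
  if (v === expectedIdpId) return 'missing-prefix'; // the mistake reported in the thread
  if (v === 'sso:' + expectedIdpId) return 'whitespace-or-case';
  // Any other 32-hex id, with or without the prefix, points at a different IdP record.
  return /^(?:sso:)?[0-9a-f]{32}$/.test(v) ? 'other-idp' : 'malformed';
}

// Return one finding per user whose value is not exactly "sso:<expected sys_id>".
function auditUsers(users, expectedIdpId) {
  return users
    .map(u => ({ user_name: u.user_name, status: classifySsoSource(u.sso_source, expectedIdpId) }))
    .filter(f => f.status !== 'ok');
}

// Constructed sample rows for external users who should authenticate through Okta.
const SAMPLE_USERS = [
  { user_name: 'ext.alice', sso_source: 'sso:' + OKTA_IDP_ID },
  { user_name: 'ext.bob',   sso_source: OKTA_IDP_ID },
  { user_name: 'ext.carol', sso_source: '' },
  { user_name: 'ext.dave',  sso_source: 'sso:' + AZURE_IDP_ID },
  { user_name: 'ext.erin',  sso_source: ' SSO:' + OKTA_IDP_ID + ' ' },
  { user_name: 'ext.frank', sso_source: 'okta' },
];

for (const f of auditUsers(SAMPLE_USERS, OKTA_IDP_ID)) {
  console.log(`${f.user_name}: ${f.status}`);
}
```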

3 REPLIES

vishnudasl
Tera Contributor

@Stephen25 Is this set up correctly? No auto-redirect IDP should be enabled (the value of the glide.authenticate.sso.redirect.idp system property should be empty).

Alternatively, you can bypass this step by making the “login_locate_sso.do” page the initial login page.